thrift-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James E. King, III (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (THRIFT-3978) Thrift C++ runtime uses assert to prevent overflows, checks sanity only in debug builds
Date Sun, 20 Nov 2016 16:11:58 GMT

     [ https://issues.apache.org/jira/browse/THRIFT-3978?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

James E. King, III updated THRIFT-3978:
---------------------------------------
    Description: 
Currently there is widespread use of assert in the thrift C++ runtime library.  Some of the
more disturbing cases are security related, for example checking header sizes.  I recommend
we eliminate assertions that are only checked in debug mode, and instead throw the appropriate
exception, usually a TTransportException with CORRUPTED_DATA as the reason.  If we're going
to check for an overflow or a buffer overrun, we should do so in debug and release modes.
 Further, assertions are not easily tested whereas exceptions are.

In THRIFT-3873 apache::thrift::transport::safe_numeric_cast was added, so I also suggest changing
static_cast to safe_numeric_cast where appropriate throughout the transport code to catch
any overflow errors.

  was:Currently there is widespread use of assert in the thrift C++ runtime library.  Some
of the more disturbing cases are security related, for example checking header sizes.  I recommend
we eliminate assertions that are only checked in debug mode, and instead throw the appropriate
exception, usually a TTransportException with CORRUPTED_DATA as the reason.  If we're going
to check for an overflow or a buffer overrun, we should do so in debug and release modes.
 Further, assertions are not easily tested whereas exceptions are.


> Thrift C++ runtime uses assert to prevent overflows, checks sanity only in debug builds
> ---------------------------------------------------------------------------------------
>
>                 Key: THRIFT-3978
>                 URL: https://issues.apache.org/jira/browse/THRIFT-3978
>             Project: Thrift
>          Issue Type: Bug
>          Components: C++ - Library
>    Affects Versions: 0.10.0
>         Environment: All
>            Reporter: James E. King, III
>            Assignee: James E. King, III
>              Labels: security
>
> Currently there is widespread use of assert in the thrift C++ runtime library.  Some
of the more disturbing cases are security related, for example checking header sizes.  I recommend
we eliminate assertions that are only checked in debug mode, and instead throw the appropriate
exception, usually a TTransportException with CORRUPTED_DATA as the reason.  If we're going
to check for an overflow or a buffer overrun, we should do so in debug and release modes.
 Further, assertions are not easily tested whereas exceptions are.
> In THRIFT-3873 apache::thrift::transport::safe_numeric_cast was added, so I also suggest
changing static_cast to safe_numeric_cast where appropriate throughout the transport code
to catch any overflow errors.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message